ftballpack

Honorary Members
  1. Malwarebytes anti-exploit is a memory based protection. EternalBlue is a network based attack. Blocking the affected port using a firewall, or an Intrusion Detection System (IPS) (which is almost always running Snort) can stop this attack. Of course, patching would completely stop the EternalBlue exploit used by WannaCry. Malwarebytes anti-ransomware, which is bundled into Malwarebytes 3.0, would also stop the ransomware infection; however, it would not stop a computer from first being exploited. This is why the NSA liked EternalBlue: without knowledge of the exploit, IPS is useless to stop this type of attack and Malwarebytes Anti-Exploit, HitmanPro.Alert, and EMET would be useless to stop it. Luckily IPS, such as that included in Symantec Endpoint, which Symantec took from Sygate when they purchased them, would protect users, as Symantec's Endpoint firewall, based on Sygate's firewall, includes Snort. Malwarebytes anti-exploit on its own will not stop WannaCry, unfortunately.
  2. Not disagreeing with you 1PW. But a comment of "yes" is hardly reassuring without some sort of explanation. For the benefit of all MBAE users, I hope the moderator is right!
  3. hake, thank you for your post concerning the host file modification. With 1.08.1.2572, disabling automatic updates results in a prompt asking to update at every restart. I have a hard time understanding why Malwarebytes did not foresee this being a problem for users. I like to keep my security software on a controlled update schedule. Without your host file modification, I would have been required to stop all outbound communication from Malwarebytes. This means no samples would have been submitted to Malwarebytes on detection, which somewhat defeats the purpose of running anti-exploit in the first place.
  4. AtomBombing appears to be an OS-level issue. Malwarebytes Anti-Exploit works to harden applications that work at the application level, i.e., Firefox. I am sure more will come out in the coming days. That being said, I would expect Microsoft has staff looking into this and, if any of you are running HIPS, Snort rules will be written to block any known exploit attempts, after they are discovered. In the meantime, I would not count on MBAE or any other security tool to block this exploit if it occurs at the OS level. MBAE cannot stop OS based exploits; however, it does limit what can be done at the application level and thus is still very useful to limit the overall number of attacks that can be used against applications running on a Windows based system. http://www.scmagazine.com/system-level-exploit-allows-code-injection-of-all-windows-os-versions/article/569173/
  5. I just scanned a computer on which I had to manually reinstall Microsoft Update a few years ago, and the older reinstaller that I had left on the machine is currently being detected as a Trojan agent. Attached is the log and the older Windows Update file. The following link is where the current Windows Update installer for Windows XP can be found: http://download.windowsupdate.com/WindowsUpdate/redist/standalone/7.4.7600.226/WindowsUpdateAgent30-x86.exe mbam-log-2012-07-04 (18-52-15).txt